Title: Verify a username and password in a database in Visual Basic .NET
Description: This example shows how to verify a username and password in a database in Visual Basic .NET.
Keywords: password, user name, user id, verify password, database, ADO.NET, VB.NET
Categories: Database, VB.NET, Software Engineering
 
Enter a user name and password. When you click Set Password, the program uses the following code to save the data in the database. It calls function GetDbConnection to open the database. It deletes any existing password record for the user name.

Next the code uses the function HashPassword to hash the password and stores the result with the user name in the database. Note that the database does not contain the original password, only the hashed version.

 
' Set a new password for the user.
' Requires Imports System.Data.OleDb at the top of the file.
Private Sub btnSetPassword_Click(ByVal sender As _
    System.Object, ByVal e As System.EventArgs) Handles _
    btnSetPassword.Click
    ' Open the database.
    Dim conn As OleDbConnection = GetDbConnection()

    ' Delete any existing record. Pass the user name as a
    ' parameter so it cannot change the SQL statement.
    Dim query As String
    Dim cmd As OleDbCommand
    query = "DELETE FROM Passwords WHERE UserName=?"
    cmd = New OleDbCommand(query, conn)
    cmd.Parameters.Add(New OleDbParameter("UserName", _
        txtUserName.Text))
    cmd.ExecuteNonQuery()

    ' Insert the new record. OleDb parameters are positional,
    ' so add them in the same order as the ? placeholders.
    query = "INSERT INTO Passwords VALUES (?, ?)"
    cmd = New OleDbCommand(query, conn)
    cmd.Parameters.Add(New OleDbParameter("UserName", _
        txtUserName.Text))
    cmd.Parameters.Add(New OleDbParameter("Password", _
        HashPassword(txtPassword.Text)))
    cmd.ExecuteNonQuery()

    ' Close the connection.
    conn.Close()
    conn.Dispose()

    MessageBox.Show("Ok")
End Sub
 
The program executes the following code when you enter a user name and password and click Verify Password. It uses the GetDbConnection function to open the database.

Next the code fetches the record for this user. It uses an OleDbCommand object with parameters to fetch the record, so the user name is always treated as data and a specially crafted user name cannot be used for an SQL injection attack.

The program hashes the password in the form's text box and compares the result to the hashed password stored in the database. If the two match, the password is correct.

 
' Verify that the user has entered the right password.
Private Sub btnVerifyPassword_Click(ByVal sender As _
    System.Object, ByVal e As System.EventArgs) Handles _
    btnVerifyPassword.Click
    ' Open the database.
    Dim conn As OleDbConnection = GetDbConnection()

    ' Fetch the saved hashed password.
    ' ExecuteScalar returns Nothing if the user has no record.
    Dim query As String
    Dim cmd As OleDbCommand
    query = "SELECT Password FROM Passwords WHERE " & _
        "UserName=?"
    cmd = New OleDbCommand(query, conn)
    cmd.Parameters.Add(New OleDbParameter("UserName", _
        txtUserName.Text))
    Dim saved_hash As String = _
        TryCast(cmd.ExecuteScalar(), String)

    ' Hash the password entered by the user.
    Dim test_hash As String = HashPassword(txtPassword.Text)

    ' Close the connection.
    conn.Close()
    conn.Dispose()

    ' Compare the two hashed passwords. Check for Nothing
    ' first because VB treats Nothing = "" as True, which
    ' would authorize an unknown user with a blank password.
    If saved_hash IsNot Nothing AndAlso _
        test_hash = saved_hash Then
        MessageBox.Show("Access Authorized")
    Else
        MessageBox.Show("Get lost, ya bum!")
    End If
End Sub
 
The following code shows how the GetDbConnection function opens the database. It builds the database path, composes a connection string, and opens the connection.
 
' Open the database.
Private Function GetDbConnection() As OleDbConnection
    ' Compose the database file name.
    ' Modify this if the database is somewhere else.
    Dim database_name As String = Application.StartupPath()
    database_name = database_name.Substring(0, _
        database_name.LastIndexOf("\"))
    database_name = database_name & "\test.mdb"

    ' Compose the connect string. 
    Dim connect_string As String = _
        "Provider=Microsoft.Jet.OLEDB.4.0;" & _
        "Data Source=" & database_name

    ' Open a database connection.
    Dim conn As New OleDbConnection(connect_string)
    conn.Open()

    ' Return the connection.
    Return conn
End Function
 
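The following code shows the simple hashing function used by this program. This version simply adds one to each character in the password, so anyone who can read the database can recover the original password by subtracting one from each character. In a real application, you should use something much stronger such as the hashing methods provided by the cryptography namespace (System.Security.Cryptography).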
 
' Return the hashed password.
' Note that this is just a simple example that shifts
' the password's characters. In a real program, you should
' do something stronger such as using the Crypto namespace.
Private Function HashPassword(ByVal password As String) As _
    String
    Dim hash As String = ""
    Dim i As Integer
    For i = 0 To password.Length - 1
        hash &= Chr(Asc(password.Substring(i, 1)) + 1)
    Next i
    Return hash
End Function
 
 
Copyright © 1997-2006 Rocky Mountain Computer Consulting, Inc.   All rights reserved.